ThE g0bL!N

92 exploits Active since Dec 2006
CVE-2006-6199 EXPLOITDB perl WORKING POC
BlazeVideo BlazeDVD Standard and Professional 5.0 - Stack-based Buffer Overflow via PLF Playlist Filename
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
CVE-2009-3366 EXPLOITDB text WORKING POC
An image gallery 1.0 - Path Traversal via Path Parameter
Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter.
CVE-2009-2364 EXPLOITDB perl WORKING POC
mp3-nator 2.0 - Stack-Based Buffer Overflow via Long String in .plf or listdata.dat File
Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers to execute arbitrary code via (1) a long string in a .plf file and (2) a long string in the listdata.dat file, possibly related to a track entry.
CVE-2009-2080 EXPLOITDB text WORKING POC
MRCGIGUY The Ticket System 2.0 - Info Disclosure
admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action.
CVE-2009-4670 EXPLOITDB text WORKING POC
RoomPHPlanning 1.6 - Unauthenticated Arbitrary User and Room Deletion via admin/delitem.php
admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter.
CVE-2009-4669 EXPLOITDB text WORKING POC
RoomPHPlanning 1.6 - SQL Injection via Login Parameter or Old Password Field
Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php, and allow (3) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/userform.php.
CVE-2009-2178 EXPLOITDB text WORKING POC
phpDatingClub 3.7 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2010-20113 EXPLOITDB CRITICAL python WORKING POC
EasyFTP Server < 1.7.0.12 - Unauthenticated Stack-based Buffer Overflow via list.html Path Parameter
EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.
CVSS 9.8
CVE-2009-4761 EXPLOITDB python WORKING POC
Mini-stream RM Downloader - Buffer Overflow
Stack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrary code via a long string in a .smi file.
CVE-2008-4378 EXPLOITDB text WORKING POC
Hot Links SQL-PHP < 3.0 - SQL Injection via Report ID Parameter
SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-20113 METASPLOIT CRITICAL ruby WORKING POC
EasyFTP Server < 1.7.0.12 - Unauthenticated Stack-based Buffer Overflow via list.html Path Parameter
EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.
CVSS 9.8
CVE-2009-4453 EXPLOITDB html WORKING POC
SoftCab Sound Converter <1.2 - Path Traversal
Insecure method vulnerability in SoftCab Sound Converter ActiveX control (sndConverter.ocx) 1.2 allows remote attackers to create or overwrite arbitrary files via the SaveFormat method. NOTE: some of these details are obtained from third party information.
EIP-2026-119208 EXPLOITDB perl WORKING POC
Techlogica HTTP Server 1.03 - Arbitrary File Disclosure
EIP-2026-118488 EXPLOITDB ruby WORKING POC
EasyFTP Server 1.7.0.11 - list.html path Stack Buffer Overflow (Metasploit)
EIP-2026-118645 EXPLOITDB html WORKING POC
HP Digital Imaging - 'hpodio08.dll' Insecure Method
CVE-2009-2566 EXPLOITDB perl WORKING POC
TFM MMPlayer 2.0- - Buffer Overflow
Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly 2.0.0.30, allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
EIP-2026-118241 EXPLOITDB html WORKING POC
Advanced File Vault - 'eSellerateControl350.dll' ActiveX HeapSpray
EIP-2026-117780 EXPLOITDB perl WORKING POC
PlayMeNow - '.m3u' Universal XP Buffer Overflow (SEH)
EIP-2026-117779 EXPLOITDB perl WORKING POC
PlayMeNow - '.M3U' Playlist Buffer Overflow (SEH)
CVE-2009-2364 EXPLOITDB perl WORKING POC
mp3-nator 2.0 - Stack-Based Buffer Overflow via Long String in .plf or listdata.dat File
Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers to execute arbitrary code via (1) a long string in a .plf file and (2) a long string in the listdata.dat file, possibly related to a track entry.
EIP-2026-117776 EXPLOITDB perl WORKING POC
Playlistmaker 1.51 - '.m3u' Local Buffer Overflow (SEH)
CVE-2009-0450 EXPLOITDB perl WORKING POC
BlazeVideo HDTV Player <3.5 - Buffer Overflow
Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier allows remote attackers to execute arbitrary code via a long string in a playlist (aka .plf) file.
EIP-2026-117303 EXPLOITDB perl WORKING POC
Icarus 2.0 - '.ICP' Local Stack Overflow
CVE-2009-2550 EXPLOITDB perl WORKING POC
Hamster Audio Player 0.3a - Buffer Overflow
Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .hpl playlist file.
EIP-2026-117302 EXPLOITDB perl WORKING POC
Icarus 2.0 - '.icp' Local Buffer Overflow (SEH)